From 5f43e257e9e4c8db26033bb003dce710ad40c5c6 Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Mon, 5 Aug 2013 15:36:48 +0200 Subject: [PATCH] Clarify staticweb configuration with keystone. Since staticweb works with anonymous requests by default, explictly mention delay_auth_decision for the authtoken middleware in /etc/swift/proxy-server.conf. Change-Id: I4879884b22224843cf9d4a50ba3359fac36957dc --- swift/common/middleware/keystoneauth.py | 6 +++--- swift/common/middleware/staticweb.py | 7 +++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/swift/common/middleware/keystoneauth.py b/swift/common/middleware/keystoneauth.py index 3630a1bb77..b26431a92f 100644 --- a/swift/common/middleware/keystoneauth.py +++ b/swift/common/middleware/keystoneauth.py @@ -38,9 +38,9 @@ class KeystoneAuth(object): installing keystone. If support is required for unvalidated users (as with anonymous - access) or for tempurl/formpost middleware, authtoken will need - to be configured with ``delay_auth_decision`` set to 1. See the - Keystone documentation for more detail on how to configure the + access) or for formpost/staticweb/tempurl middleware, authtoken will + need to be configured with ``delay_auth_decision`` set to true. See + the Keystone documentation for more detail on how to configure the authtoken middleware. In proxy-server.conf you will need to have the setting account diff --git a/swift/common/middleware/staticweb.py b/swift/common/middleware/staticweb.py index 8a2061cb17..3f5404a82e 100644 --- a/swift/common/middleware/staticweb.py +++ b/swift/common/middleware/staticweb.py @@ -16,8 +16,11 @@ """ This StaticWeb WSGI middleware will serve container data as a static web site with index file and error file resolution and optional file listings. This mode -is normally only active for anonymous requests. If you want to use it with -authenticated requests, set the ``X-Web-Mode: true`` header on the request. +is normally only active for anonymous requests. When using keystone for +authentication set ``delay_auth_decision = true`` in the authtoken middleware +configuration in your ``/etc/swift/proxy-server.conf`` file. If you want to +use it with authenticated requests, set the ``X-Web-Mode: true`` header on the +request. The ``staticweb`` filter should be added to the pipeline in your ``/etc/swift/proxy-server.conf`` file just after any auth middleware. Also, the